4 matches found

RedHat Linux
added 2009/06/25 3:7 p.m. | 1 views

jar: scheme ignores the content-disposition: header on the inner URI

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a...

CVSS 4.3 | AI score 7.3 | EPSS 0.01329
Exploits: 0 | References: 4
securityvulns
added 2009/04/23 12:0 a.m. | 78 views

Mozilla Foundation Security Advisory 2009-16

Mozilla Foundation Security Advisory 2009-16
Title: jar: scheme ignores the content-disposition: header on the inner URI
Impact: Moderate
Announced: April 21, 2009
Reporter: Daniel Veditz
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.0.9
Description
Mozilla developer Daniel Veditz...

CVSS 4.3 | AI score 0.8 | EPSS 0.01329
Exploits: 0
RedHat Linux
added 2009/04/21 11:44 p.m. | 3 views

jar: scheme ignores the content-disposition: header on the inner URI

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a...

CVSS 4.3 | AI score 7.3 | EPSS 0.01329
Exploits: 0 | References: 4
Mozilla
added 2009/04/21 12:0 a.m. | 46 views

jar: scheme ignores the content-disposition: header on the inner URI — Mozilla

Mozilla developer Daniel Veditz reported that when the jar: scheme is used to wrap a URI which serves the content with Content-Disposition: attachment, the HTTP header is ignored and the content is unpacked and displayed inline. A site may depend on this HTTP header to prevent potentially untrust...

CVSS 4.3 | AI score 0.6 | EPSS 0.01329
Exploits: 0 | References: 2 | Affected Software: 1